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CLAIM + DETAILED DESCRIPTION 

[Claim(s)] 

[Claim 1]When performing access to a portable information storage medium from an external 
device characterized by comprising the following, are an authentication method which checks 
that said portable information storage medium is a right thing, and the arbitrary data R for 
attestation is received, So that the same data as said data R for attestation may be obtained 
by obtaining code data C by performing encipherment arithmetic using the 1st key alpha, and 
performing a decoding operation using the 2nd key beta to this code data C, While making 
said 1st key alpha remember it to be the operation definition stage of defining the 1st key 
alpha, key beta, encipherment arithmetic, and decoding operation in [ portable / said ] an 
information storage medium, [ 2nd ] A medium preparatory step which prepares a processing 
capability which performs said encipherment arithmetic for said portable information storage 
medium, A random number transmission stage story which generates a random number in 
said external device, and transmits to said portable information storage medium by using this 
random number as the data R for attestation, A data storage stage for attestation of making 
the predetermined memory location in [ portable / said ] an information storage medium 
memorizing this in response to transmission of the data R for attestation, and inside of an 
information storage medium portable [ said ]. 

case the newly transmitted data R for attestation investigates whether it is in agreement with 
the data R for attestation memorized until now and its any are inharmonious -- encryption -- 
permission -- a judgment stage of judging. 

in said judgment stage -- encryption -- permission, when a judgment is performed in [ portable / 
said ] an information storage medium, An encryption stage of performing said encipherment 
arithmetic using said 1st memorized key alpha to the transmitted data R for attestation, and 
making code data C obtained as a result replying said external device. 
A decoding stage of performing said decoding operation using said 2nd key beta in said 
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external device to code data C replied from said portable information storage medium. 
An attestation stage of checking said portable information storage medium with a right thing 
when the data same as a result of said decoding operation as the data R for attestation 
transmitted on said random number transmission stage story is obtained. 

[Claim 2][ in the authentication method according to claim 1 ] [ data / R / which was transmitted 
by random number transmission stage story / for attestation ] performing a judgment stage in 
advance of a data storage stage for attestation, and setting in this judgment stage -- encryption 
-- permission -- an authentication method of a portable information storage medium 
characterized by performing a data storage stage for attestation only when a decision result is 
obtained. 

[Claim 3]ln the authentication method according to claim 1 or 2, prepare two or moren memory 
location which can memorize the data R for attestation in [ portable ] an information storage 
medium, and, [ a data storage stage for attestation ] An authentication method of a portable 
information storage medium characterized by making it make the data R for attestation for n 
times memorize these days. 

[Claim 4]When the data R for attestation has been transmitted with an authentication 
command from an external device characterized by comprising the following, A portable 
information storage medium with a function which performs predetermined encipherment 
arithmetic to this data R for attestation, and is replied to said external device by making into a 
response code data C obtained as a result. 

A command reception part which receives a command transmitted from said external device. 

A data storage part for attestation for memorizing said data R for attestation. 

A secret-key storage part for memorizing secret-key alpha for using for said encipherment 

arithmetic. 

When said command reception part receives the data R for attestation with an authentication 
command, An inharmonious check part which checks that the data R for attestation memorized 
in said data storage part for attestation and the newly received data R for attestation are 
inharmonious, A data write part for attestation which writes the data R for attestation which 
said command reception part received in said data storage part for attestation, Secret-key 
alpha memorized in said secret-key storage part on condition that disagreement was checked 
in said inharmonious check part is used, An encipherment arithmetic part which performs 
encipherment arithmetic to the newly received data R for attestation, and obtains code data C, 
and a response transmission section which transmits a response containing said code data C 
to said external device. 

[Claim 5] It is carried out on condition that disagreement was checked in an inharmonious 
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check part about the newly received data R for attestation in the portable information storage 
medium according to claim 4, A portable information storage medium, wherein writing of said 
newly received data R for attestation in a data write part for attestation is performed. 
[Claim 6]ln the portable information storage medium according to claim 4 or 5, [ a data storage 
part for attestation ] Prepare two or moren memory location so that the data R for attestation 
along which it passes two or moren can be memorized, and, [ a data write part for attestation ] 
A portable information storage medium performing processing which writes the data R for 
attestation used as a write object in each memory location one by one, and performing 
rewriting processing to the memory location in which the data R for attestation in which two or 
moren memory location is the oldest when finishing [ already / writing ] altogether is written. 



[Detailed Description of the Invention] 
[0001] 

[Field of the lnvention]When accessing this invention from an external device to an IC card 
especially about a portable information storage medium and an authentication method for the 
same, it relates to an IC card suitable for performing the authentication method and such an 
authentication method for attesting that this IC card is a right thing. 
[0002] 

[Description of the Prior Art]lt is also already a question of time that the portable information 
storage medium represented by the IC card is spreading quickly with the miniaturization 
technology of an IC chip, and one sheet comes to spread even round ordinary individual users 
at a time. Thus, the more portable information storage media, such as an IC card, come to be 
used as a tool which makes the base of social life, the more reservation of security serves as 
an important technical problem. What is called a reader writer device will be used for access to 
an IC card, and a computer system will carry out an exchange of the inside of an IC card, and 
data to it via this reader writer device. Then, if an IC card is inserted in a reader writer device, 
processing which attests a partner will usually be performed mutually. 
[0003][ the attestation for seeing an IC card from the reader writer device side, and checking 
whether the IC card concerned is a right thing ] Usually, the arbitrary data for attestation (the 
random number is used) is given from a reader writer device to an IC card with an 
authentication command, and the right response to this is performed by the method of verifying 
whether it coming on the contrary. Using a public-key crypto system, more specifically, [ a 
regular IC card ] In the inside of an IC card to the data for attestation (arbitrary random 
numbers) which stores secret-key alpha in the inside and was given from the reader writer 
device side, Make the encryption processing using this secret-key alpha carry out, make the 
code data obtained by this encryption processing return as a response, and, [ the reader writer 
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device side ] To the code data returned as this response, decoding processing using public 
key beta corresponding to secret-key alpha is performed, and the data obtained by this 
decoding processing is performing attestation over an IC card by whether it is in agreement 
with the data for attestation of a basis. 

[0004]Since secret-key alpha stored in the IC card usually has structure which is not read to 
the exterior by any methods, it is very difficult to forge the IC card which has right secret-key 
alpha. Therefore, by the method mentioned above, code data is made to return as a response, 
and if the data obtained by decrypting this is in agreement with the original data for attestation, 
attestation that the IC card concerned is regular will be acquired. 
[0005] 

[Problem to be solved by the invention]As mentioned above, logically, secret-key alpha stored 
in the IC card is the structure which is not read to the exterior by any methods. However, 
actually, it is analyzing various physical phenomena (for example, consumed electric current) 
under IC card operation, and the method of detecting nondestructively secret-key alpha stored 
in the IC card from the outside exists. For example, the technique currently called DPA 
(Differential Power Analysis) is based on the principle of guessing the contents of secret-key 
alpha, by analyzing the waveform of the power consumption of an IC card statistically. Change 
into the state where the system of measurement for measuring the consumed electric current 
in the inside of an IC card was connected, and repeating transmission of the predetermined 
data for attestation is specifically carried out to the terminal for electric power supplies of an IC 
card, etc. from the reader writer device side, The contents of secret-key alpha are grasped by 
a statistical technique by performing encipherment arithmetic using secret-key alpha inside an 
IC card, and analyzing the power consumption waveform at this time. 
[0006]Then, an object of this invention is to provide the authentication method of the portable 
information storage medium which can secure sufficient security also to an unjust analytic 
method which was mentioned above. 
[0007] 

[Means for solving problem](1) In the authentication method which checks that this portable 
information storage medium is a right thing when the 1st mode of this invention performs 
access to a portable information storage medium from an external device, To the arbitrary data 
R for attestation, by performing encipherment arithmetic using the 1st key alpha, code data C 
is obtained and this code data C is received, So that the same data as the original data R for 
attestation may be obtained by performing the decoding operation using the 2nd key beta, 
While making the 1st key alpha remember it to be the operation definition stage of defining the 
1st key alpha, key beta, encipherment arithmetic, and decoding operation in [ portable ] an 
information storage medium, [ 2nd ] The medium preparatory step which prepares the 
processing capability which performs encipherment arithmetic for this portable information 
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storage medium, The random number transmission stage story which generates a random 
number in an external device and transmits to a portable information storage medium by using 
this random number as the data R for attestation, It is investigated whether in response to 
transmission of the data R for attestation, it is in agreement with the data R for attestation in 
which the data R for attestation newly transmitted into [ portable ] an information storage 
medium is remembered to be the data storage stage for attestation of making the 
predetermined memory location in [ portable ] an information storage medium memorizing this 
until now, case any are inharmonious -- encryption -- permission -- in the judgment stage of 
judging, and this judgment stage -- encryption -- permission, when a judgment is performed in 
[ portable ] an information storage medium, In the encryption stage of performing encipherment 
arithmetic using the 1st memorized key alpha to the transmitted data R for attestation, and 
making code data C obtained as a result replying an external device, and an external device, 
The decoding stage of performing the decoding operation using the 2nd key beta to code data 
C replied from the portable information storage medium, When the data same as a result of 
this decoding operation as the data R for attestation transmitted on the random number 
transmission stage story is obtained, it is made to perform the attestation stage of checking a 
portable information storage medium with a right thing. 

[0008](2) In the authentication method of the portable information storage medium which 
requires the 2nd mode of this invention for the 1st above-mentioned mode, performing a 
judgment stage in advance of the data storage stage for attestation, and setting in this 
judgment stage about the data R for attestation transmitted by the random number 
transmission stage story, -- encryption -- permission -- only when a decision result is obtained, 
it is made to perform the data storage stage for attestation. 

[0009](3) In the authentication method of the portable information storage medium which 
requires the 3rd mode of this invention for the 1st or 2nd above-mentioned mode, In 
[ portable ] an information storage medium, two or more Memory locationn which can 
memorize the data R for attestation is prepared, and it is made to make the data R for 
attestation for n times memorize in the data storage stage for attestation these days. 
[0010](4) When the data R for attestation has been transmitted with the authentication 
command from the external device, [ the 4th mode of this invention ] In a portable information 
storage medium with the function which performs predetermined encipherment arithmetic to 
this data R for attestation, and is replied to an external device by making into a response code 
data C obtained as a result, The command reception part which receives the command 
transmitted from an external device, and the data storage part for attestation for memorizing 
the data R for attestation, When the secret-key storage part and command reception part for 
memorizing secret-key alpha for using for encipherment arithmetic receive the data R for 
attestation with an authentication command, The inharmonious check part which checks that 
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the data R for attestation memorized in the data storage part for attestation and the newly 
received data R for attestation are inharmonious, The data write part for attestation which 
writes the data R for attestation which the command reception part received in the data 
storage part for attestation, The encipherment arithmetic part which performs encipherment 
arithmetic to the newly received data R for attestation, and obtains code data C using secret- 
key alpha memorized in the secret-key storage part on condition that disagreement was 
checked in the inharmonious check part, The response transmission section which transmits 
the response containing code data C to an external device, ******** - it is made like. 
[001 1](5) In a portable information storage medium which requires the 5th mode of this 
invention for the 4th above-mentioned mode, On condition that disagreement was checked in 
an inharmonious check part about the newly received data R for attestation, writing of the 
newly received data R for attestation in a data write part for attestation is made to be 
performed. 

[0012](6) In a portable information storage medium which requires the 6th mode of this 
invention for the 4th or 5th above-mentioned mode, Two or moren memory location is 
prepared for a data storage part for attestation so that the data R for attestation along which it 
passes two or moren can be memorized, Perform processing for which a data write part for 
attestation writes the data R for attestation used as a write object in each memory location one 
by one, and when finishing [ already / writing ] altogether, [ two or moren memory location ] It is 
made to perform rewriting processing to the memory location in which the oldest data R for 
attestation is written. 
[0013] 

[Mode for carrying out the invention]Hereafter, it explains based on an embodiment illustrating 
this invention. First, a basic principle of an authentication method currently performed in the 
conventional common portable information storage medium (specifically IC card) is explained, 
referring to a block diagram of drawing 1 . This authentication method is an authentication 
method using a public-key crypto system using a pair key which consists of a secret key and a 
public key. 

[0014]ln the state where inserted the portable information storage medium (IC card) 100 in the 
external device (reader writer device) 200, and both were electrically connected, drawing 1 is a 
block diagram showing the procedure which attests the IC card 100 side from the reader writer 
device 200 side. In the example of illustration, in IC card 100, the 1st key alpha (secret key) is 
stored beforehand, and the 2nd key beta (public key) is beforehand stored in the reader writer 
device 200. Here, the 1st key alpha is a key peculiar to the owner of this IC card 100, and is a 
secret key which generally is not told, for example. On the other hand, although the 2nd key 
beta is same key peculiar to this owner, it is the key generally exhibited. Therefore, even if it 
always does not store the 2nd key beta in the reader writer device 200, and it makes it read 
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from somewhere else (for example, host computer etc.) in the reader writer device 200 each 
time, it is not cared about. IC card 100 is equipped with the function to perform encryption 
processing to arbitrary data, using the 1st key alpha, and the reader writer device 200 is 
equipped with the function to perform decoding processing to arbitrary code data, using the 
2nd key beta. 

[0015]The reader writer device 200 is equipped with the function to generate a random 
number, and the random number generated with the reader writer device 200 will be 
transmitted to the IC card 100 side with an authentication command as the data R for 
attestation. In the IC card 100 side, code data C is generable by performing encipherment 
arithmetic using the 1st key alpha to the data R for attestation transmitted in this way. In the 
premise of using the 1st key alpha, code data C is data which can be uniquely found based on 
the data R for attestation. IC card 100 replies code data C for which it asked in this way to the 
reader writer device 200 as a response to an authentication command. In the reader writer 
device 200 side, a decoding operation is performed to code data C transmitted in this way 
using the 2nd key beta. And if the data obtained by this decoding operation is in agreement 
with the original data R for attestation, it will attest IC card 100 as a right thing. 
[001 6]Of course, in order to make such an authentication method possible, it is necessary to 
provide the 1st key alpha, 2nd key beta, encipherment arithmetic, and decoding operation in a 
specific thing beforehand. Namely, to the arbitrary data R for attestation, by performing 
encipherment arithmetic using the 1st key alpha, code data C is obtained and this code data C 
is received, By performing the decoding operation using the 2nd key beta, the 1st key alpha, 
key beta, encipherment arithmetic, and decoding operation must be defined so that the same 
data as said data R for attestation may be obtained. [ 2nd ] If another word is carried out. [ the 
1st key alpha and the 2nd key beta ] It is necessary to have a relation of the pair key 
equivalent to the secret key and public key in a public-key crypto system. The decoding 
operation performed by the encipherment arithmetic [which is performed by the IC card 100 
side ] and reader writer device 200 side needs to be the encipherment arithmetic and the 
decoding operation in this public-key crypto system. 

[0017]As the data R for attestation generated in the reader writer device 200 side, since a 
random number is used, the contents of the data R for attestation given to the IC card 100 side 
will differ each time. Therefore, the contents of code data C returned as a response from the IC 
card 100 side also differ each time. However, if a right decoding operation is performed using 
right public key beta by the reader writer device 200 side as long as the IC card 1 00 side is 
carrying out right encipherment arithmetic using right secret-key alpha, decrypted data is in 
agreement with the original data R for attestation. Therefore, no matter the original data R for 
attestation may be what value, attestation over IC card 100 is attained. And since secret-key 
alpha stored in IC card 100 is not read to the exterior of an IC card, it looks [ secure / once / 
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sufficient security ] logical. 

[001 8] However, if the technique of analyzing the consumed electric current of an IC card 
statistically is used in fact as already stated, it will become possible to perceive the contents of 
secret-key alpha in IC card 100 from the outside. For example, the data R for attestation 
"11111111" Becoming is repeated repeatedly, and it gives IC card 100, and when a power 
consumption waveform of IC card 100 inside at that time is repeated and observed by an 
electric measuring method, a certain pattern will be obtained statistically. Similarly the data R 
for attestation "00000000" Becoming is repeated repeatedly, and it gives IC card 100, and 
when a power consumption waveform of IC card 100 inside at that time is repeated and 
observed by an electric measuring method, a certain pattern will be obtained statistically too. 
By analyzing such a pattern, it becomes possible to guess statistically the contents of secret- 
key alpha stored in an inside. 

[0019]ln order to make such an unjust analytic method difficult, the feature of this invention is 
at the point of refusing the encipherment arithmetic in IC card 100 inside, when the same data 
R for attestation is repeatedly given to IC card 100. For example, supposing the data R for 
attestation which it "1 1 1 1 1 1 1 1" Comes to set to the 1st authentication command is given in the 
case of an above-mentioned example, this 1st authentication command is received, Although 
encipherment arithmetic using secret-key alpha will be performed and obtained code data C 
will be replied as a response, When the data R for attestation which it "1 1 1 1 1 1 1 1" [ same ] 
Comes to set to the authentication command for the and afterwards time is given, the 
authentication command concerned will be refused and encipherment arithmetic using secret- 
key alpha will be performed. Of course, a normal response is not obtained, either. 
[0020]Since it becomes impossible to carry out repeat execution of the encipherment 
arithmetic using the same data R for attestation if such structure is used, it becomes difficult to 
analyze a power consumption waveform by a statistical technique. 
[0021]What is necessary is just to carry out composition of IC card 100 to composition as 
shown in the block diagram of drawing 2, in order to attain such a purpose. The block diagram 
of this drawing 2 shows the state where IC card 100 (portable information storage medium) 
concerning this invention was connected to the conventional common reader writer device 200 
(external device). IC card 100 concerning this embodiment has the command reception part 
110, the data write part 120 for attestation, the data storage part 130 for attestation, the 
inharmonious check part 140, the encipherment arithmetic part 150, the secret-key storage 
part 160, and the response transmission section 170 as illustration. On the other hand, the 
reader writer device 200 has the command transmission section 210, the data generating part 
220 for attestation, the response receive section 230, the decoding operation part 240, the 
public key storage part 250, and the authentication section 260. Of course, only the component 
required in order to perform authenticating processing concerning this invention is illustrated by 
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drawing 2 , and it is equipped with other components for performing the original function as an 
IC card and a reader writer device in an actual IC card and reader writer device. 
[0022]The reader writer device 200 shown in drawing 2 is the conventional common reader 
writer device, and if it says conversely, when carrying out this invention, the reader writer 
device can use the conventional thing as it is. The data generating part 220 for attestation is a 
means to generate a random number in fact, and the random number generated here will be 
given to the IC card 100 side as the data R for attestation. That is, the data R for attestation 
generated as a random number is transmitted towards the command reception part 1 10 from 
the command transmission section 210 with an authentication command. When the data R for 
attestation has been transmitted with the authentication command in this way, [ IC card 100 ] It 
is a portable information storage medium with the function to reply as a response code data C 
which performs predetermined encipherment arithmetic to this data R for attestation, and is 
obtained as a result, Code data C as a response will be transmitted towards the response 
receive section 230 from the response transmission section 170. 

[0023]ln the reader writer device 200 side, the decoding operation to code data C replied in 
this way is performed. That is, in the decoding operation part 240, the decoding operation to 
code data C is performed using public key beta stored in the public key storage part 250. 
When the decode data obtained as this result of an operation is compared with the data R for 
attestation of the origin which the data generating part 220 for attestation generated in the 
authentication section 260 and both are in agreement, the point that attestation that IC card 
100 is a right thing is performed is as having already stated. 

[0024]lt is as on the other hand having also already described fundamentally processing of 
encipherment arithmetic performed by the IC card 100 side. That is, the data R for attestation 
received in the command reception part 1 10 is given to the encipherment arithmetic part 150, 
and is enciphered. Secret-key alpha is stored in the secret-key storage part 160. The 
encipherment arithmetic part 150 reads secret-key alpha from this secret-key storage part 160, 
performs encipherment arithmetic to the data R for attestation using this, and performs 
processing which asks for code data C. Code data C which was able to be found is transmitted 
as a response from the response transmission section 170. 

[0025] However, in order for the encipherment arithmetic part 150 to perform this encipherment 
arithmetic, permission from the inharmonious check part 140 is needed. Unless a signal of a 
purport that encipherment arithmetic about this data R for attestation is permitted will be given 
from the inharmonious check part 140 even if the data R for attestation is given to the 
command reception part 110 if another word is carried out, the encipherment arithmetic part 
150 will not perform encipherment arithmetic. It judges whether the data R for attestation of the 
inharmonious check part 140 newly given to the command reception part 110 corresponds with 
the data R for attestation given in the past, and only when inharmonious, a signal of a purport 
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that encipherment arithmetic is permitted to the encipherment arithmetic part 150 is given. In 
order to make such a judgment perform in the inharmonious check part 140, it is necessary to 
store the data R for attestation given until now. Such accumulation processing is performed by 
the data write part 120 for attestation, and the data storage part 130 for attestation. The data 
storage part 130 for attestation has the memory location for carrying out accumulation memory 
of two or more data R for attestation given so far, and the data write part 120 for attestation 
performs processing which writes the data R for attestation which the command reception part 
110 received one by one in this data storage part 130 for attestation. 
[0026]Of course, when using this IC card 100 for the first time. Although the data R for 
attestation has not been stored yet into the data storage part 130 for attestation, whenever the 
data R for attestation is transmitted with an authentication command from the command 
transmission section 210, with the data write part 120 for attestation, This data R for attestation 
will be written in the data storage part 130 for attestation. When the command reception part 
110 receives the data R for attestation with an authentication command, [ the inharmonious 
check part 140 ] It will check that the data R for attestation memorized in the data storage part 
130 for attestation and the newly received data R for attestation are inharmonious, and the 
signal of the purport that encipherment arithmetic is permitted to the encipherment arithmetic 
part 150 will be given. The encipherment arithmetic part 150 performs the operation which 
performs encipherment arithmetic to the newly received data R for attestation, and obtains 
code data C using secret-key alpha memorized in the secret-key storage part 160 on condition 
that disagreement was checked in this inharmonious check part 140. 

[0027]ln this embodiment, the data write part 120 for attestation is made to write in this newly 
received data R for attestation, on condition that disagreement was checked in the 
inharmonious check part 140 about the newly received data R for attestation. Namely, when 
the new data R for attestation is received by the command reception part 1 10 with an 
authentication command, First, only when processing of the inharmonious check by the 
inharmonious check part 140 is performed and disagreement is checked, the data R for 
attestation concerned will be written in the data storage part 130 for attestation by the data 
write part 120 for attestation. Conversely, when saying and coincidence is checked in the 
inharmonious check part 140, the data R for attestation concerned is not written in by the data 
write part 120 for attestation. When such employment eliminates redundancy from the data in 
the data storage part 130 for attestation, it is meaningful. That is, writing for the second time is 
not performed about the same data as the data already memorized in the data storage part 
130 for attestation. 

[0028]Practically, memory space in IC card 100 is limited, and, naturally its storage capacity of 
the data storage part 130 for attestation is also limited. Therefore, if IC card 100 will be used 
for a long period of time, will be inserted in the reader writer device 200 repeatedly and will 
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receive attestation, void areas in the data storage part 130 for attestation will decrease in 
number gradually, and the data R for attestation will be soon written in all the fields. In such a 
case, what is necessary is to leave the latest data R for attestation and just to perform 
processing which is rewritten from old data in the data storage part 130 for attestation. For 
example, what is necessary is just to make it the data R for attestation for n times memorized 
recently, when two or moren memory location which can memorize the data R for attestation is 
prepared in the data storage part 130 for attestation. Namely, what is necessary is just to 
perform rewriting processing to the memory location in which the oldest data R for attestation 
is written, after it performs processing which writes the data R for attestation used as a write 
object in each memory location one by one and it already becomes finishing altogether writing 
in two or moren memory location until a void area is lost. 

[0029] Drawing 3 is a figure showing an example of such rewriting processing. First, as shown 
in drawing 3 (a), when two or moren memory location shown by the memory location number 1 
- n is prepared, supposing three data for attestation R (1), R (2), and R (3) are given one by 
one, These data will be written in the memory location numbers 1, 2, and 3 one by one as 
illustration. It enables it for the pointer P to have shown the last write-in place here. Then, what 
is necessary is to perform writing to the memory location number 4 located in the next of a 
write-in place of the last to which the pointer P points, and just to update the pointer P, when 
the new data R (4) for attestation is given for example. Drawing 3 (b) is carried out in this way, 
writes in one by one, and shows the state where a total of n data for attestation R (1) - R (n) 
were written in altogether. What is necessary is just to perform rewriting to a position of the 
memory location number 1 where the oldest data R (1) for attestation was written in in this 
state, as shown in drawin g 3 (c) when the following data R for attestation (n+1) is given. 
Drawing 3 (d) shows write states when the still newer data R (n+2) and R for attestation (n+3) 
is given. Whenever it performs such rewriting processing, accumulation memory of the n 
newest data for attestation will be carried out. 

[0030] Drawing 4 is a flow chart showing the procedure of the authentication method of the 
portable information storage medium concerning this invention. Of course, when carrying out 
the procedure shown in this drawing 4 . Predetermined secret-key alpha needs to be stored 
and it is necessary to prepare a portable information storage medium (IC card 100) with the 
function to perform predetermined encipherment arithmetic using this secret-key alpha, and to 
prepare the external device (reader writer device 200) for accessing this. 
[0031 ]Now, if IC card 100 is inserted in the reader writer device 200, first, in Step S1, by the 
reader writer device 200 side, the data R for attestation (random number) will be generated, 
and this data R for attestation will be transmitted to the IC card 100 side in continuing Step S2. 
In fact, as mentioned above, the data R for attestation will be given with an authentication 
command to the IC card 100 side. In Step S4 which will continue if IC card 100 receives this 
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data R for attestation in Step S3, A coincidence decision with the data R for attestation for the 
past n times is performed (what is necessary is just to, perform a coincidence decision with the 
data R for attestation stored until now, of course, when the data R for attestation for n times 
has not been stored yet into the data storage part 130 for attestation). 
[0032]Here, if the judgment of the purport that any of the data R for attestation stored are 
inharmonious is made, it will progress to Step S6 from Step S5, and processing which writes 
this newly received data R for attestation in the data storage part 130 for attestation will be 
performed. Thus, only when the coincidence decision of Step S4 was performed and an 
inharmonious decision result was obtained in advance of the writing processing of the data for 
attestation of Step S6, as it mentioned above that it was made to perform writing processing of 
Step S6, It is for eliminating the redundancy of the data R for attestation stored into the data 
storage part 130 for attestation (in order for the same data to overlap and to make it not written 
in). Next, in Step S7, encipherment arithmetic using secret-key alpha is performed to this data 
R for attestation, and obtained code data C is transmitted as a response in Step S8. 
[0033]ln Step S9, the reader writer device 200 receives code data C transmitted as this 
response, and performs the decoding operation using public key beta to this code data C in 
Step S1 0. And in Step S1 1 , coincidence with the decode data obtained as a result of this 
decoding operation and the original data R for attestation (random number by which it was 
generated at Step S1) is judged. If both are in agreement, it progresses to Step S13 from Step 
S12, it becomes an authentication success and both are not in agreement, it progresses to 
Step S14 from Step S12, and becomes an authentication failure. [0034]The result of the 
coincidence decision of Step S4 carried out on the other hand at the IC card 100 side, If the 
result which shifts and is in agreement with that data R for attestation to be accumulated into 
the data storage part 130 for attestation is obtained, it will progress to Step S15 from Step S5, 
and transmission of errors will be performed as a response to the reader writer device 200. In 
this case, in Step S16, since the reader writer device 200 will receive an error as a response, it 
is made to perform predetermined error handling in continuing Step S17. 
[0035]lf such a procedure is made to perform attestation over IC card 100, Since encipherment 
arithmetic [ in / only within a case where the data R for attestation for the past n times is 
inharmonious /, in the newly given data R for attestation / Step S7 ] will be performed in a 
judgment in Step S4, The same data R for attestation can be repeated and given to IC card 
100, power consumption at that time can be repeated and observed, and operation of an 
unjust analytic method of guessing secret-key alpha with a statistical technique can be made 
difficult. 

[0036]As mentioned above, although it explained based on an embodiment illustrating this 
invention, this invention is not limited to this embodiment and is feasible with various forms. 
For example, to a common portable information storage medium, although an above- 
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mentioned embodiment described an example which performs attestation over an IC card via a 
reader writer device, this invention can be widely applied, when performing attestation from an 
external device. 
[0037] 

[Effect of the lnvention]According to the authentication method of the portable information 
storage medium applied to this invention as above, it becomes possible to secure sufficient 
security also to an unjust analytic method. 



[Translation done.] 
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